What universities need to know about the Heartbleed bug

Heartbleed security flaw, university data breaches have administrators on edge

The Heartbleed bug, a serious security flaw found earlier this month in the encryption software used by most secure websites, has many organizations scrambling to fix the issue — including universities.

The University of Nebraska-Lincoln announced that it was scanning all of the university’s networks for any Heartbleed vulnerabilities. Vanderbilt University announced it was doing the same, as did Stony Brook University, and the University of Texas, among others.

Speaking with a student newspaper last week, Cam Beasley, chief information security officer at the University of Texas, sought to calm student nerves.

“[There is] no real risk to students using central IT services, but it is possible that various Internet services they use could have experienced some exposure depending on if they were vulnerable and how long they took to patch systems,” Cam Beasley, the chief information security officer at the University of Texas, told the Daily Texan. “Several systems were patched once the update became available, but no critical services were exposed.”

At the University of Maryland, Ann G. Wylie, the interim vice president, said the bug did not affect many of the university’s systems, but that students, faculty, and staff should still be on alert.

“A little paranoia is warranted around this issue right now,” Wylie wrote in an email last week.

(Next page: Just how many higher education records have been at risk already this year?)